Software Secured Resources

Application Security & SDLC Case Studies and Technical Resources.

Appsec Case Studies

Aviation Industry

MXI Technologies provides maintenance management software for the aviation industry. Software Secured integrated intelligent application security testing into MXI’s Maintenix, a web-based application designed specifically for aircraft maintenance management.

Download Case Study

Artist Showcase Platform

Software Secured integrated intelligent application security testing into ArtStation’s platform. ArtStation is the showcase platform for games, film, media & entertainment artists. It enables artists to showcase their portfolios in a slick way, discover & stay inspired, and connect with new opportunities.

Download Case Study

E-Commerce

This NHL team provided a convenient way for their fans to buy and renew their season tickets. Subject to PCI compliance, this NHL team chose Software Secured’s intelligent application security testing. Software Secured ensured that this team continuously scores a shutout against hackers.

Download Case Study

Appsec White Papers

Proving Adherence to Application Security

Industry standards and the best practices for developing secure software.

Download Whitepaper

Introduction to SQL Injection Mitigation

What is SQL Injection? The popularity of Structured Query Language (SQL) injection attacks has grown significantly over the years, and employing relevant mitigation practices will help keep your application off a growing list of insecure applications...

read more

Application Security Code Review Introduction

Security code review is a process which systematically applies a collection of security audit methodologies capable of ensuring that both environments and coding practices contribute to the development of an application resilient to operational and environmental...

read more

The Top 3 Challenges DevOps Poses to Security Teams

DevOps has revolutionized how new applications are brought online, but it is also challenging how security teams do their jobs. In theory, DevOps can make applications more secure by baking security into the Software Development Lifecycle from the earliest stages of...

read more

There is More to Application Security than Bulletproof Code

In recent months, momentum has been mounting for developers to write code for their applications that is more secure. While writing secure code is vital to the security of an organization, it's not the final word in creating applications resistant to attacks. A number...

read more

What do SAST, DAST, IAST and RASP mean to developers?

It's estimated that 90 percent of security incidents result from attackers exploiting known software bugs. Needless to say, squashing those bugs in the development phase of software could reduce the information security risks facing many organizations today. To do...

read more

Why don’t developers write more secure code?

Developers have been rapped in some circles for writing code with security flaws, but is such criticism justified? Where is security on developers' priority list? Programmers certainly have a lot on their plates and while security has been a burning issue in recent...

read more

Quantifying Software Security Risk

What are the frameworks out there that organizations can use to quantify risk? Risk management is a hot topic across many boardrooms, so much so that the insurance and financial sectors have established frameworks that organizations...

read more

How to Quickly Audit Your Cryptography Usage?

Cryptography is an important security control for any application. It is essential for securing data at rest and in transit. But how do you know your team is following good, solid crypto practices? How do you know whether there are gaps that need to be...

read more
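As an added illustration of the quick audit the post above asks about (this is not code from the post or from Software Secured), here is a grep-style first pass in Python over two constructed source snippets. It flags the things such an audit usually starts with: MD5 and SHA-1 hashing, DES and RC4, ECB mode, non-cryptographic random sources, and string literals assigned to names like key or secret. The pattern list, the file names and the sample code are all made up for the example and are deliberately not exhaustive.

```python
import re

# Constructed, non-exhaustive list of things a quick crypto audit should flag.
# Every pattern is a heuristic: a hit needs a human to confirm the context,
# e.g. MD5 used as a non-security file checksum is not a finding.
WEAK_PATTERNS = {
    "MD5": re.compile(r"\bMD5\b", re.IGNORECASE),
    "SHA-1": re.compile(r"\bSHA-?1\b", re.IGNORECASE),
    "DES/3DES": re.compile(r"\b(?:3?DES|TripleDES|DESede)\b"),
    "RC4": re.compile(r"\b(?:RC4|ARCFOUR)\b", re.IGNORECASE),
    "ECB mode": re.compile(r"\bECB\b"),
    "insecure random": re.compile(
        r"\bnew\s+Random\s*\(|\brandom\.random\s*\(|\bMath\.random\s*\("
    ),
    "hardcoded key": re.compile(
        r"(?i)(?:secret|key|password)\s*=\s*['\"][^'\"]{8,}['\"]"
    ),
}

# Constructed sample sources; the file names and code are invented for this example.
SAMPLE_FILES = {
    "LegacyCrypto.java": """
import java.security.MessageDigest;
import javax.crypto.Cipher;
import java.util.Random;

public class LegacyCrypto {
    static final String KEY = "0123456789abcdef";  // constructed: hardcoded key
    byte[] hash(byte[] in) throws Exception {
        return MessageDigest.getInstance("MD5").digest(in);
    }
    Cipher cipher() throws Exception {
        return Cipher.getInstance("AES/ECB/PKCS5Padding");
    }
    int nonce() { return new Random().nextInt(); }
}
""",
    "tokens.py": """
import hashlib, random
def token(user):
    return hashlib.sha1((user + str(random.random())).encode()).hexdigest()
""",
}


def audit_source(path, text):
    """Return (path, line_no, label, line) for every heuristic hit in one file."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for label, pattern in WEAK_PATTERNS.items():
            if pattern.search(line):
                findings.append((path, line_no, label, line.strip()))
    return findings


def audit_all(files):
    """files: mapping of path -> source text. Returns findings across all files."""
    findings = []
    for path, text in sorted(files.items()):
        findings.extend(audit_source(path, text))
    return findings


def summarize(findings):
    """Count hits per label: the one-screen view to put in front of the team."""
    counts = {}
    for _, _, label, _ in findings:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_all(SAMPLE_FILES)
    for path, line_no, label, line in results:
        print(f"{path}:{line_no}: [{label}] {line}")
    print(summarize(results))
```

Point the same functions at real files by reading them into the mapping. Treat the output as a worklist, not a verdict: the regexes cannot see algorithm names that are built at runtime or pulled from configuration, and they will flag legitimate uses (a legacy interoperability path, a checksum) that a reviewer then closes out with a note.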

Setting up a Secure Instance of Express JS (GitHub Repo)

In a previous blog post I mentioned ways to secure your ExpressJS instance. This included both using third party modules and modifications to the default configuration of Express. The blog post received great feedback, so we decided to create a skeleton that showed...

read more

Reading through the IRS Hack: Failures and Analysis

The IRS has reported that thieves stole tax information from 100,000 taxpayers, pretty disturbing news on multiple levels. The first level of disturbance is obviously that an organization like the IRS, which has more information on every single citizen - probably more...

read more

Security Comparison: AngularJS vs Backbone.js vs Ember

Client-side JavaScript security is becoming more and more of an issue with the shift to Single Page Applications (SPAs) in modern web development. There are many different libraries and frameworks to pick from when you set out to build your own SPA. The...

read more

Simplified Application Security Code Review

Obviously it is not 2005 anymore. Ten years ago most organizations were OK with perimeter security and a vulnerability scanner. This shift from perimeter security to application security started to happen in the U.S. about 4-6 years ago, depending on the industry. I know...

read more

Cyber Security Laws & Regulations in Canada

Pop quiz: do Canadians and Americans approach cyber security the same way? The answer is a clear and definite no. With the recent passage of HB 1078 in Washington State, it seemed appropriate to compare the legal attitudes of Canada’s Parliament and...

read more

Secure Your Express Application

At Software Secured, we have been building our internal tools around Node.js and Express. Node.js is becoming more and more popular nowadays and several frameworks have popped up to wrap Node.js functionality and APIs. One of these frameworks is Express. Express is...

read more

Top Risks and Recommendations For Windows Store Apps

This article originally appeared on Microsoft Developer Connection. OWASP’s Mobile Top 10 is a project launched by OWASP to identify the top 10 risks and threats to mobile apps at large. The project highlights each risk, the impact it could have, and finally some...

read more

Federated Identities: OpenID vs SAML vs OAuth

Single sign-on (SSO) started it all. Organizations needed a way to unify authentication systems in the enterprise for easier management and better security. Single sign-on was widely adopted and provided a...

read more

A Low-Tech Solution To a High-Tech Problem

The Cost is Going Up. The cost of data breaches continues to climb. Global Payments, which back in the spring reported a data breach in which information associated with an estimated 1.4 million payment cards was stolen, has revealed that expenses associated with...

read more

Are All Static Code Analysis Tools Created Equal?

Static code analysis is an essential ingredient in any semi-decent software security assurance program. Let's get this out of the way: whether commercial or open source, static analysis tools are just one important component in software security testing these days. The question is,...

read more

Top 4 Sources For Information Leakage

Ask pen-testers and they will tell you that an attack is only as successful as the information they can gather during the reconnaissance phase. Reconnaissance is the phase where the attacker tries to gather as much information about your application as possible. How...

read more

Lazy programmer’s guide to web.xml security review

No matter how much security is built into the application, if your configuration is not up to par, I can safely tell you that the security in the application does not really matter. As the old saying goes: it is as secure as the weakest link, so don't let the...

read more

5 Free Ways to Teach Yourself Software Security

I was thinking the other day about where an average software developer or quality assurance engineer draws their fundamental software knowledge from. The fundamentals and basics are mostly engraved in university and maybe the first couple of years of professional...

read more

Why You Should Re-consider Custom Error Pages

Custom error pages are one of the things I have always seen in the nice-to-have requirements document when I was a software developer. You know, when we are done with the "real work", you start putting those in web.xml or web.config and start testing them...

read more

The Missing Truth behind SQL Injection

SQL Injection was first documented back in 1998, and since then a lot of effort has been made towards mitigating this attack. However, it still tops the SANS Top 20 and OWASP Top 10 lists. Why is that? What is missing, in addition to all that has been done so far?

read more
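The two SQL injection items on this page (the mitigation white paper above and this post) both turn on the same fix, so here is one added example, not code from either piece or from Software Secured: a login lookup built by string concatenation beside its parameterized form, run against an in-memory SQLite table of constructed placeholder users, so the injected input can be seen landing in one query and being treated as plain data in the other.

```python
import sqlite3

# Constructed sample data: placeholder "hashes", not a real credential store.
SAMPLE_USERS = [
    ("admin", "hash_admin"),
    ("alice", "hash_alice"),
    ("bob", "hash_bob"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def vulnerable_login(conn, username, password_hash):
    """Deliberately injectable: user input is spliced into the SQL text,
    so quotes and comment markers in the input change the query's meaning."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username + "' "
        "AND password_hash = '" + password_hash + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def safe_login(conn, username, password_hash):
    """Parameterized: the SQL text is fixed and the values travel separately,
    so the input is only ever compared as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return [row[0] for row in conn.execute(sql, (username, password_hash))]


if __name__ == "__main__":
    conn = make_db()

    # Comment-out payload: closes the string literal and discards the password check.
    payload = "admin' --"
    print("vulnerable:", vulnerable_login(conn, payload, "wrong"))   # ['admin']
    print("parameterized:", safe_login(conn, payload, "wrong"))      # []

    # Tautology in the password field: returns every row from the vulnerable query.
    print("vulnerable:", vulnerable_login(conn, "admin", "' OR '1'='1"))
    print("parameterized:", safe_login(conn, "admin", "' OR '1'='1"))  # []
```

The parameterized version is the whole mitigation for this class of query; input validation and escaping are defence in depth around it, not substitutes. The same `?` placeholder style applies to any DB-API driver, and ORMs do the same thing underneath as long as you do not hand them raw SQL fragments built from user input.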